[OTHER] Criteria for Contributing

[freddy-m]

I like the site a lot right now, but, I think a major improvement would be criteria for contributing . While the sites focus is to degoogle, you could say Slack is a hangouts alternative. And while there is also a focus on privacy, tycrek ultimately has control over what goes and what doesn't.

Questions to consider:

Is it open source? Does it have encryption? Is there a public facing owner or does it hide behind some shell company? Does it use modern protocols etc...

This is something to be done over time, however, it will make the site more reliable, rather than having to trust one user (this isn't an attack by any means, all the recommendations are great).

[tycrek]

I definitely agree - it could be more clear that the guide is for privacy focused alternatives. The original guide in 2018 (was only a Reddit thread on r/privacy at the time) was for any alternative which included multiple Microsoft/Apple/Facebook services. This version which began in mid-2019 aimed to fix that.

Some things I've tried to do to increase transparency and reliability:

• Listing "eyes" wherever possible for users who are concerned about governing bodies
• Listing all contributors from the original Reddit thread, Reddit DM's, Issues, and Pull Requests in either the repo contributors tab or the CONTRIBUTORS.md file.
• In addition, usernames are also added directly into the README wherever it is applicable.
• By using GitHub Issues and Pull Requests, users can discuss services or modifications as well as look at previous conversations.
• GitHub is a private entity with the legal ability to remove this repo at any time, although this is unlikely. In case that does happen, I manage the r/privacy de-google wiki page which is a copy/paste of the README file. I also try to encourage other people to host mirrors and list them in the MIRRORS.md file. These are not perfect solutions as most of them are also private entities. I also have multiple offline mirrors, just in case ;)

I agree, there is more we can do. Something I've been considering for some time is hosting a Gitea instance. However, my personal server is located in a 5-eyes country (Canada) and my hosting provider (Digital Ocean) also has legal grounds to shut down my services at any time.

Moving on from that, I like your "questions to consider". Here are some of my own thoughts in addition to yours:

• Open-source
• Encryption
• Public/Shell
• Modern protocols
• Legal jurisdiction/n-eyes
• Abandoned or active development
• Audits
• F-Droid or DDL (for mobile apps. Essentially non-Play Store sources)
• Anonymity
• Cost (pay with data; pay with money and how anonymous are payments; "FLOSS" free)
• Advertisements

This is just a quick list off the top of my head so there's lot's of room for improvement. @danarel , what are your thoughts?

[freddy-m]

What do you mean by Anonymity? Do you mean false promises, or actually providing it? Would adverts be ok if they were by codefund.io or am I completely missing the point? Otherwise, I think thats a pretty good first draft that can then be modified for individual categories.

[tycrek]

Anonymity is a number of things:

• User accounts. How anonymous is the signup process? How much information is required? The obvious "bad" offender is a Google account. A good example, though not an alternative in the guide, is Mullvad VPN. They don't ask for any information at all and provide a number of ways to anonymously pay. Not trying be an ad, just providing an example.
• Using the site. How many trackers are running on the page? Is there any fingerprinting? Do they reject proxy connections? Do privacy extensions like uBlock, uMatrix, Privacy Badger, or others break the site, and how easy is it to get it working again without sacrificing anonymity?
• Advertising. Personally, I use an adblocker no matter what. If it breaks a site I tweak it until it works. However this is clearly not the case for most users. In the case of no adblocker, I would probably be fine with Codefund. I'm not completely against listing services with advertising, provided it's something like Codefund, however I see no reason for users not to be using adblockers anyways.
• Tor. Some sites offer a .onion version. I can't remember right now if anything in the guide currently has a Tor version.
• Google reCaptcha

To summarize my point: the question of anonymity aims at how anonymous a user can remain while using that service. Perfect anonymity would perhaps be a setup using Tor, a VPN, throwaway accounts, and crypto currency for payments.

The thing with anonymity is that, like anything privacy, it's a spectrum rather than a black and white decision. Users may feel uncomfortable providing their full name, address, birthday, email, etc., but are willing to provide their personal credit card info in order to pay for a service that will guarantee some form of security. The uber-paranoid will use Bitcoin or some other form of crypto, but that can't be expected of all users. That's actually another thing I've wanted to add for a while: some form of indicator or scale on how private a service is. The basic level is your average person; the middle level is someone who is concerned or interested in privacy and needs help getting there; the last level is someone who has no social media, uses TAILS or other Live-only operating systems, doesn't use an iPhone or Android-based device.

I do think we should have some form of evaluation when considering a new service (and re-evaluating all existing services in the guide) and I appreciate that you opened an issue specifically for it. I think some potential categories for evaluating could include:

• Security. In regards to things like E2EE, secure payments using trusted payment processors (additionally: who is trusted?), modern protocols on their website, providing a Tor site, 3rd party audits
• Trustworthiness. Something like /e/ (see Issue #55) is not trustworthy. Trustworthiness would be based on how transparent they are (a strong, easy-to-read privacy policy would suffice), records of their audits, regular blog posts and security updates. Other things can definitely be added on, this is just a rough idea. Being open-source might also apply to this category.
• Ease of use. For people like you and me, ease of use doesn't really matter as we are willing to take the time to tweak things exactly to our liking. However one of my original goals for this guide (and is an ongoing goal) is making it easy enough for someone new to privacy to understand.

I didn't intend to write that big a block of text but you bring up good points to discuss. Let me know what you think about how we could go about having a criteria for adding services, or anything else to improve the guide.

[freddy-m]

I like the idea of a ranking system of beginner, intermediate and advanced (I'd be happy to help out, and open another issue). Here are what I think the points can be narrowed down to:

• Anonymous Payments Accepted (cash, crytpo, giftcards)
• Analytics must be privacy respecting (preferably self hosted)
• No Google reCaptcha, instead hCaptcha or alternative
• HTTPS Bonus:
• .onion adress.

[tycrek]

I like those points. I think the 3rd one could be improved by not only including reCaptcha, perhaps something like the Cloudflare's DDOS protection can be included.

The second point could potentially be expanded to just "Tracking" with an emphasis on analytics. Far too many sites try to make calls to google-analytics.com and googletagmanager.com.

I feel services should be ranked in a way that is clear to the average person. For example LibreOffice Online would be intermediate as you need to figure out how to self host it. CryptPad would be beginner since it's pretty much as easy as launching their website. For indicating their level, perhaps a fourth column in the tables would work, but I'm open to any suggestions.

[freddy-m]

I agree. Beginner, Intermediate, Advanced. A fourth column could work, or maybe a green, orange red colour system somehow integrated. Not too sure...

[tycrek]

The user side will need some thinking to work out, whether it's a fourth column, colours, etc. Since I just switched the guide to use Yaml data it should be as simple as adding an extra value into each alternative. Any ideas what this value could be named?

[freddy-m]

Skill level?

[tycrek]

I like the sound of that. I'll open another issue for tracking with skill levels, I expect this task will take some time.

[freddy-m]

This is what we can boil this thread down to:

• Must be open-source (FLOSS)
• Must use encryption where possible
• Must have public facing ownership, not hiding behind a shell.
• Must use modern protocols
• Must still be in active development
• F-Droid or DDL (for mobile apps. Essentially non-Play Store sources)
• Anonymous Payments Accepted (cash, crytpo, giftcards)
• Analytics must be privacy respecting (preferably self hosted), similarly codefund is the only form of ads acceptable on the projects site
• No Google reCaptcha, instead hCaptcha or alternative
• HTTPS Bonuses:
• .onion adress

[tycrek]

I feel that FLOSS should only be a must when absolutely necessary; DuckDuckGo and Njalla are jsut two examples that would both have to be removed in that case.

I like the rest of the requirements. For analytics, what are your thoughts on not allowing anything that loads a Google domain? Anything from their ad network, a CDN, tag manager, etc. (perhaps not including fonts?)

[freddy-m]

Every connection to Google can be used for tracking, so it's best not to have any. I'll tone down the FLOSS requirements because your points are valid, it's just a nice thing to have.

Open source CDN's exist, as do fonts, ad networks and tag managers. Perhaps we should notify users if such things are present (which is a big task). It's an odd one; keep it as it is for now maybe?

[onlyjob]

Perhaps FLOSS should always be necessary otherwise one just have to trust the black box, however nice. This is a very important requirement for credibility, transparency, security and possibility of independent audit. If DuckDuckGo deserves to be listed then list it with a big red non-FLOSS flag as an exception (but don't make exceptions for everything else just because DuckDuckGo is not fully open).

[tycrek]

Google/CDN's: That is a big task for sure. Now I'm curious how many of the alternatives actually connect to Google domains... It might be worth adding a suggestion to use Decentraleyes in addition to including it in the extensions list. In a perfect world, everyone would use an ad-blocker to block these domains but this isn't realistic at all: people make mistakes and forget to install on other devices; perhaps they are using a company device and are restricted in what they can add; etc.

FLOSS: Those are great points. If we do permit closed-source alternatives, then I'd say we move them to the bottom of their respective tables as well as add a clear indicator that they are not FOSS/FLOSS. I also suggest we add a note somewhere (perhaps in the disclaimer, under the eyes bullet) describing what FOSS/FLOSS actually is, in an ELI5 form.

Now as for which services are permitted, this will probably need to be on a case-by-case basis. One example is Protonmail: I remember at one point only some aspects of their service were open source, with others being closed-source. What do you think we should do for services that are only partially open source?

Side note: Depending on how we want to add these indicators, we might be able to replace the entire "eyes" column with a "flags" column. These flags could include:

• n-eyes
• FOSS/FLOSS
• anything else relevant

This will also be a pretty big task, I could create a new branch specifically for adding in these ideas until they are ready.

[onlyjob]

Thanks. IMHO we should always expect and endorse full FLOSS compliance. How can one even begin to trust "secret ingredients"?? "Black boxes" are insecure almost by definition and certainly not trustworthy because they are not open for inspection (e.g. peer review). Proprietary == Unethical. "Proprietary" is a strong corrupting influence and that's why I think we should always recommend FLOSS whenever possible with few exceptions when there are no FLOSS alternatives.

[freddy-m]

@tycrek I think that ranking system will help inform users in a similar way that the 'skill level' would. @onlyjob's comments are all very good, the only options for proprietary software are BSL's for auditing. Otherwise they have no purpose.

[tycrek]

My proposition for an updated CONTRIBUTING.md:

---

All alternatives services must meet these requirements:

1. Must be FLOSS (unless discusssed on a case-by-case basis). FLOSS services listed higher in their tables.
   • GitHub, GitLab, Gitea, Sourceforge, etc.
   • Active development ^{1: what counts as active?}
   • F-Droid (if applicable) or Direct Download source (such as GitHub releases)
   • Paid FLOSS services can be permitted as long as there is still an option to self-host or build the source.
2. Service is encrypted
   • Website uses HTTPS
   • E2EE when applicable
   • Modern encryption protocols
3. Must have public facing ownership, not hiding behind a shell. ^{2: We should clarify what a shell is, and possible provide an example.}
4. Privacy-centric
   • Anonymous payments (cash, crytpocurrency, gift cards)
   • Analytics must be privacy respecting (preferably self hosted)
   • No Google reCaptcha, instead hCaptcha or other alternative
5. Extra (not required but helpful)
   • .onion address
   • Warrant canary

---

We'll probably lose a few services to these changes but that will have to be accepted in the interest of privacy. What is everyone's thoughts on adapting this in CONTRIBUTING.md?

[freddy-m]

@tycrek that seems good!

1. As for active development, I would just say non-translation based updates within the past 3/4 months, though I'm open to suggestions.

2. As for shell company, the example that came to mind was NordVPN and their other companies who hide behind a shell company in Panama. This probably isn't the best example seeing as you don't list VPN's.

EDIT: something that I've only just thought of is connection with the software. Are you affiliated in any way Y/N when contributing.

[tycrek]

1. As for active development, I would just say non-translation based updates within the past 3/4 months, though I'm open to suggestions.

Let's say 4 months, just to be safe. When checking we should also check other branches rather than just the default; I've seen a few repos where master hasn't had updates for months but at least two other branches are active.

EDIT: something that I've only just thought of is connection with the software. Are you affiliated in any way Y/N when contributing.

This is a great idea. There's been a few services added where the creator is the one to submit it. I'm fine with it as long as they're transparent about it and the submission isn't blatant advertising. I have had to edit some descriptions to be less "editorialized".

Edit: Should have previewed before posting...

[tycrek]

@FreddyMarsden, I've made #159 with some changes to the Issue templates and CONTRIBUTING.md. Let me know your thoughts